Hi, I have a script that parses firewall logs. The firewall can be set to export its logs in CSV format, and that is what we needed. However, sometimes other firewalls are left in Syslog format, and upon reading the log files, I want to make sure I convert them to CSV in case they are currently in Syslog format.

Syslog format:

Jan 19 11:37:21 firewall date=2007-01-19 time=11:42:15 devname=TESTfirewall device_id=FGT-602905503304 log_id=0104032006 type=event subtype=admin pri=information vd=root user="admin" ui=GUI(192.168.1.11) action=login status=success reason=none msg="User admin login successfully from GUI(192.168.1.1)"

CSV format:

Jan 19 11:35:27 firewall date=2007-01-19 time=11:40:21,devname=TESTfirewall,device_id=FGT-602905503304,log_id=0104032006,type=event,subtype=admin,pri=information,vd=root;user="admin",ui=GUI(192.168.1.1),action=login,status=success,reason=none,msg="User admin login successfully from GUI(192.168.1.1)"

Based on my observation, commas are inserted only on space-separated fields after "time=". Also, a semicolon (;) was inserted between "vd=root user".

Question: If you have this kind of objective, how will you handle this? Just some clues, and I'll be good on my own.

Thanks!
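
One way to approach the conversion asked about above, as an added example that is not part of the original post. The function names are hypothetical, and the rule of writing ";" after the vd field and "," everywhere else is taken only from the single CSV sample in the post. Quoted values are kept whole so that the spaces inside msg="..." are not treated as field separators, and a line that does not tokenize cleanly is rejected rather than silently mangled.

```python
import re

# Shared prefix: syslog header plus date= and time=.
# The character right after time=... tells the two formats apart.
HEAD = re.compile(r'^(.*?\bdate=\S+\s+time=[\d:]+)([ ,])(.*)$')
# One key=value field; a double-quoted value may contain spaces.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Syslog sample line copied from the post above.
SAMPLE_SYSLOG = (
    'Jan 19 11:37:21 firewall date=2007-01-19 time=11:42:15 '
    'devname=TESTfirewall device_id=FGT-602905503304 log_id=0104032006 '
    'type=event subtype=admin pri=information vd=root user="admin" '
    'ui=GUI(192.168.1.11) action=login status=success reason=none '
    'msg="User admin login successfully from GUI(192.168.1.1)"')

def detect_format(line):
    """Return 'csv', 'syslog' or 'unknown' for one log line."""
    m = HEAD.match(line)
    if m is None:
        return "unknown"
    return "csv" if m.group(2) == "," else "syslog"

def syslog_to_csv(line):
    """Convert a syslog-style line to the CSV layout; CSV lines pass through."""
    m = HEAD.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("no date=/time= prefix found")
    head, sep, rest = m.groups()
    if sep == ",":                      # already CSV, leave untouched
        return head + sep + rest
    out, pos, prev_key = [head], 0, None
    while pos < len(rest):
        if rest[pos].isspace():         # skip the separating blanks
            pos += 1
            continue
        f = FIELD.match(rest, pos)
        if f is None:                   # stray text or an unterminated quote
            raise ValueError("not key=value at offset %d: %r"
                             % (pos, rest[pos:pos + 20]))
        # Assumption from the one sample: ';' follows vd=, ',' otherwise.
        out.append(";" if prev_key == "vd" else ",")
        out.append(f.group(0))
        prev_key, pos = f.group(1), f.end()
    return "".join(out)

if __name__ == "__main__":
    print(syslog_to_csv(SAMPLE_SYSLOG))
```
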